{
"type": "bundle",
|
|
|
|
"id": "bundle--59df77e7-2420-4c6c-bc2c-44ce950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:26.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:26.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--59df77e7-2420-4c6c-bc2c-44ce950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:26.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:26.000Z",
|
|
|
|
"name": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-10-11 : \"Emailing: 12345678\" - \"12345678.7z\"",
|
|
|
|
"published": "2017-10-12T17:28:07Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--59df77e8-fa24-4c7e-b260-4531950d210f",
|
|
|
|
"indicator--59df77e8-9d74-46ad-b6bf-4d8c950d210f",
|
|
|
|
"indicator--59df77e9-ad7c-4567-8cab-1fb0950d210f",
|
|
|
|
"indicator--59df77e9-0fe4-4a2f-9df1-431b950d210f",
|
|
|
|
"observed-data--59df77e9-b2ec-43f0-b641-4d8f950d210f",
|
|
|
|
"network-traffic--59df77e9-b2ec-43f0-b641-4d8f950d210f",
|
|
|
|
"ipv4-addr--59df77e9-b2ec-43f0-b641-4d8f950d210f",
|
|
|
|
"indicator--59df77ea-8e50-4c26-b2ca-1e76950d210f",
|
|
|
|
"indicator--59df77ea-f8ec-41f0-a374-2139950d210f",
|
|
|
|
"observed-data--59df77ea-d0b8-43d1-8524-4dec950d210f",
|
|
|
|
"network-traffic--59df77ea-d0b8-43d1-8524-4dec950d210f",
|
|
|
|
"ipv4-addr--59df77ea-d0b8-43d1-8524-4dec950d210f",
|
|
|
|
"indicator--59df77ea-7ec4-4ac7-b56a-4070950d210f",
|
|
|
|
"indicator--59df77ea-8318-4622-9f3b-ad07950d210f",
|
|
|
|
"observed-data--59df77eb-0370-4a60-9801-4216950d210f",
|
|
|
|
"network-traffic--59df77eb-0370-4a60-9801-4216950d210f",
|
|
|
|
"ipv4-addr--59df77eb-0370-4a60-9801-4216950d210f",
|
|
|
|
"indicator--59df77eb-dbf0-44c0-a0d5-4780950d210f",
|
|
|
|
"indicator--59df77ec-9118-4227-9e59-4fce950d210f",
|
|
|
|
"observed-data--59df77ec-7650-4b0a-b07b-2139950d210f",
|
|
|
|
"network-traffic--59df77ec-7650-4b0a-b07b-2139950d210f",
|
|
|
|
"ipv4-addr--59df77ec-7650-4b0a-b07b-2139950d210f",
|
|
|
|
"indicator--59df77ec-a3c4-4b9a-8c3a-ac4d950d210f",
|
|
|
|
"indicator--59df77ec-02b8-4d1e-8a57-1eb1950d210f",
|
|
|
|
"observed-data--59df77ed-33e0-436d-aa7e-4b43950d210f",
|
|
|
|
"network-traffic--59df77ed-33e0-436d-aa7e-4b43950d210f",
|
|
|
|
"ipv4-addr--59df77ed-33e0-436d-aa7e-4b43950d210f",
|
|
|
|
"indicator--59df77ed-7c6c-4a3c-b791-4c7c950d210f",
|
|
|
|
"indicator--59df77ed-1950-475b-9981-216a950d210f",
|
|
|
|
"observed-data--59df77ee-c0a0-4eb5-bd40-4fb9950d210f",
|
|
|
|
"network-traffic--59df77ee-c0a0-4eb5-bd40-4fb9950d210f",
|
|
|
|
"ipv4-addr--59df77ee-c0a0-4eb5-bd40-4fb9950d210f",
|
|
|
|
"indicator--59df77ee-2888-4d06-81f6-a108950d210f",
|
|
|
|
"indicator--59df77ee-191c-4d23-84cb-2139950d210f",
|
|
|
|
"observed-data--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f",
|
|
|
|
"network-traffic--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f",
|
|
|
|
"ipv4-addr--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f",
|
|
|
|
"indicator--59df77ee-aa70-4c22-ad77-462e950d210f",
|
|
|
|
"indicator--59df77ef-c000-4c00-8fb0-4b73950d210f",
|
|
|
|
"observed-data--59df77ef-ba6c-4200-85b3-1f31950d210f",
|
|
|
|
"network-traffic--59df77ef-ba6c-4200-85b3-1f31950d210f",
|
|
|
|
"ipv4-addr--59df77ef-ba6c-4200-85b3-1f31950d210f",
|
|
|
|
"indicator--59df77ef-d728-4827-81ab-216a950d210f",
|
|
|
|
"indicator--59df77ef-e000-4a19-9226-4387950d210f",
|
|
|
|
"observed-data--59df77ef-06d0-4dc8-87b6-4762950d210f",
|
|
|
|
"network-traffic--59df77ef-06d0-4dc8-87b6-4762950d210f",
|
|
|
|
"ipv4-addr--59df77ef-06d0-4dc8-87b6-4762950d210f",
|
|
|
|
"indicator--59df77ef-78b8-4ca8-94d4-4090950d210f",
|
|
|
|
"indicator--59df77f0-444c-439b-aa89-45a6950d210f",
|
|
|
|
"observed-data--59df77f0-610c-4d35-95c6-a108950d210f",
|
|
|
|
"network-traffic--59df77f0-610c-4d35-95c6-a108950d210f",
|
|
|
|
"ipv4-addr--59df77f0-610c-4d35-95c6-a108950d210f",
|
|
|
|
"indicator--59df77f0-52dc-4dc0-9f5f-2139950d210f",
|
|
|
|
"indicator--59df77f0-f66c-49e7-b2fe-4a23950d210f",
|
|
|
|
"indicator--59df780f-af44-4a98-a683-1eb1950d210f",
|
|
|
|
"indicator--59df780f-8d80-4d8e-bf51-ac4d950d210f",
|
|
|
|
"indicator--59df780f-6994-4d5e-8346-216a950d210f",
|
|
|
|
"indicator--59df780f-774c-4c28-8bb5-1f31950d210f",
|
|
|
|
"observed-data--59df7810-71a8-4045-b24e-4394950d210f",
|
|
|
|
"network-traffic--59df7810-71a8-4045-b24e-4394950d210f",
|
|
|
|
"ipv4-addr--59df7810-71a8-4045-b24e-4394950d210f",
|
|
|
|
"indicator--59df7810-f704-4e9b-81aa-4a72950d210f",
|
|
|
|
"indicator--59df7810-c964-404d-99d4-47ec950d210f",
|
|
|
|
"observed-data--59df7810-9eb0-4381-908c-a108950d210f",
|
|
|
|
"network-traffic--59df7810-9eb0-4381-908c-a108950d210f",
|
|
|
|
"ipv4-addr--59df7810-9eb0-4381-908c-a108950d210f",
|
|
|
|
"indicator--59df7811-5c8c-4506-81f4-1e76950d210f",
|
|
|
|
"indicator--59df7811-a690-4d5d-afa0-2139950d210f",
|
|
|
|
"observed-data--59df7811-f3ec-4e70-b402-4414950d210f",
|
|
|
|
"network-traffic--59df7811-f3ec-4e70-b402-4414950d210f",
|
|
|
|
"ipv4-addr--59df7811-f3ec-4e70-b402-4414950d210f",
|
|
|
|
"indicator--59df7812-845c-40a5-8ac2-4954950d210f",
|
|
|
|
"indicator--59df7812-b608-4d7d-b838-444f950d210f",
|
|
|
|
"observed-data--59df7812-b09c-4fbd-84d4-4268950d210f",
|
|
|
|
"network-traffic--59df7812-b09c-4fbd-84d4-4268950d210f",
|
|
|
|
"ipv4-addr--59df7812-b09c-4fbd-84d4-4268950d210f",
|
|
|
|
"indicator--59df7812-4038-4502-988e-1eb1950d210f",
|
|
|
|
"indicator--59df7813-9828-4849-9a4d-ac4d950d210f",
|
|
|
|
"observed-data--59df7814-e504-437f-b91d-1f31950d210f",
|
|
|
|
"network-traffic--59df7814-e504-437f-b91d-1f31950d210f",
|
|
|
|
"ipv4-addr--59df7814-e504-437f-b91d-1f31950d210f",
|
|
|
|
"indicator--59df7814-1aec-440e-bb27-4cea950d210f",
|
|
|
|
"indicator--59df7814-44e8-4a7e-afa9-49b7950d210f",
|
|
|
|
"observed-data--59df7814-bb74-4999-9200-4faa950d210f",
|
|
|
|
"network-traffic--59df7814-bb74-4999-9200-4faa950d210f",
|
|
|
|
"ipv4-addr--59df7814-bb74-4999-9200-4faa950d210f",
|
|
|
|
"indicator--59df7814-7fdc-4250-9129-46c4950d210f",
|
|
|
|
"indicator--59df7815-e408-4724-9246-1e76950d210f",
|
|
|
|
"observed-data--59df7815-3844-441b-ab55-4655950d210f",
|
|
|
|
"network-traffic--59df7815-3844-441b-ab55-4655950d210f",
|
|
|
|
"ipv4-addr--59df7815-3844-441b-ab55-4655950d210f",
|
|
|
|
"indicator--59df7815-b850-4a02-8979-4226950d210f",
|
|
|
|
"indicator--59df7815-7ba0-4deb-854f-4fbf950d210f",
|
|
|
|
"observed-data--59df7816-5250-447b-bef8-1eb1950d210f",
|
|
|
|
"network-traffic--59df7816-5250-447b-bef8-1eb1950d210f",
|
|
|
|
"ipv4-addr--59df7816-5250-447b-bef8-1eb1950d210f",
|
|
|
|
"indicator--59df7816-0538-40f9-a9d3-ac4d950d210f",
|
|
|
|
"indicator--59df7816-2644-4b21-b263-ad07950d210f",
|
|
|
|
"observed-data--59df7817-2a40-4bd4-8267-1fb0950d210f",
|
|
|
|
"network-traffic--59df7817-2a40-4bd4-8267-1fb0950d210f",
|
|
|
|
"ipv4-addr--59df7817-2a40-4bd4-8267-1fb0950d210f",
|
|
|
|
"indicator--59df7817-1348-4560-89b7-4af0950d210f",
|
|
|
|
"indicator--59df7817-61cc-408e-b25f-4608950d210f",
|
|
|
|
"observed-data--59df7818-3e94-4be5-9ba9-4c91950d210f",
|
|
|
|
"network-traffic--59df7818-3e94-4be5-9ba9-4c91950d210f",
|
|
|
|
"ipv4-addr--59df7818-3e94-4be5-9ba9-4c91950d210f",
|
|
|
|
"indicator--59df7818-f858-4cc0-9357-1e76950d210f",
|
|
|
|
"indicator--59df7818-1184-4e2a-8161-462e950d210f",
|
|
|
|
"observed-data--59df7818-99bc-4f64-9f23-44c3950d210f",
|
|
|
|
"network-traffic--59df7818-99bc-4f64-9f23-44c3950d210f",
|
|
|
|
"ipv4-addr--59df7818-99bc-4f64-9f23-44c3950d210f",
|
|
|
|
"indicator--59df7819-011c-466d-99eb-443c950d210f",
|
|
|
|
"indicator--59df7819-8cd0-4731-91df-1eb1950d210f",
|
|
|
|
"observed-data--59df7819-114c-4f1c-bf99-ac4d950d210f",
|
|
|
|
"network-traffic--59df7819-114c-4f1c-bf99-ac4d950d210f",
|
|
|
|
"ipv4-addr--59df7819-114c-4f1c-bf99-ac4d950d210f",
|
|
|
|
"indicator--59df7819-2c08-4327-8db7-216a950d210f",
|
|
|
|
"indicator--59df781a-1624-4494-abd8-1f31950d210f",
|
|
|
|
"observed-data--59df781a-6f3c-4d18-9674-4e92950d210f",
|
|
|
|
"network-traffic--59df781a-6f3c-4d18-9674-4e92950d210f",
|
|
|
|
"ipv4-addr--59df781a-6f3c-4d18-9674-4e92950d210f",
|
|
|
|
"indicator--59df781a-c9e0-4522-a493-4b7f950d210f",
|
|
|
|
"indicator--59df781b-aca8-4b3e-98eb-4ef8950d210f",
|
|
|
|
"observed-data--59df781b-e178-4f87-8fd1-4ab7950d210f",
|
|
|
|
"network-traffic--59df781b-e178-4f87-8fd1-4ab7950d210f",
|
|
|
|
"ipv4-addr--59df781b-e178-4f87-8fd1-4ab7950d210f",
|
|
|
|
"indicator--59df781b-4c54-4ae1-b370-1e76950d210f",
|
|
|
|
"indicator--59df781b-dbac-4fb2-9816-2139950d210f",
|
|
|
|
"observed-data--59df781c-6ce4-40ce-b2a3-4696950d210f",
|
|
|
|
"network-traffic--59df781c-6ce4-40ce-b2a3-4696950d210f",
|
|
|
|
"ipv4-addr--59df781c-6ce4-40ce-b2a3-4696950d210f",
|
|
|
|
"indicator--59df781c-1544-4264-8874-4904950d210f",
|
|
|
|
"observed-data--59df781c-ee94-4c90-94c9-4995950d210f",
|
|
|
|
"network-traffic--59df781c-ee94-4c90-94c9-4995950d210f",
|
|
|
|
"ipv4-addr--59df781c-ee94-4c90-94c9-4995950d210f",
|
|
|
|
"observed-data--59df781c-d420-429e-9c5c-ad07950d210f",
|
|
|
|
"network-traffic--59df781c-d420-429e-9c5c-ad07950d210f",
|
|
|
|
"ipv4-addr--59df781c-d420-429e-9c5c-ad07950d210f",
|
|
|
|
"observed-data--59df781d-e988-48c1-b617-216a950d210f",
|
|
|
|
"network-traffic--59df781d-e988-48c1-b617-216a950d210f",
|
|
|
|
"ipv4-addr--59df781d-e988-48c1-b617-216a950d210f",
|
|
|
|
"observed-data--59df781d-707c-4eaa-b6f3-1f31950d210f",
|
|
|
|
"network-traffic--59df781d-707c-4eaa-b6f3-1f31950d210f",
|
|
|
|
"ipv4-addr--59df781d-707c-4eaa-b6f3-1f31950d210f",
|
|
|
|
"observed-data--59df781d-70bc-4b81-b0d6-1fb0950d210f",
|
|
|
|
"network-traffic--59df781d-70bc-4b81-b0d6-1fb0950d210f",
|
|
|
|
"ipv4-addr--59df781d-70bc-4b81-b0d6-1fb0950d210f",
|
|
|
|
"observed-data--59df781e-092c-4edc-9ac9-4d35950d210f",
|
|
|
|
"network-traffic--59df781e-092c-4edc-9ac9-4d35950d210f",
|
|
|
|
"ipv4-addr--59df781e-092c-4edc-9ac9-4d35950d210f",
|
|
|
|
"observed-data--59df781e-ab84-4830-8acd-4663950d210f",
|
|
|
|
"network-traffic--59df781e-ab84-4830-8acd-4663950d210f",
|
|
|
|
"ipv4-addr--59df781e-ab84-4830-8acd-4663950d210f",
|
|
|
|
"observed-data--59df781e-9004-420d-8b3d-4782950d210f",
|
|
|
|
"network-traffic--59df781e-9004-420d-8b3d-4782950d210f",
|
|
|
|
"ipv4-addr--59df781e-9004-420d-8b3d-4782950d210f",
|
|
|
|
"observed-data--59df781f-7380-411f-9a4a-4ef1950d210f",
|
|
|
|
"network-traffic--59df781f-7380-411f-9a4a-4ef1950d210f",
|
|
|
|
"ipv4-addr--59df781f-7380-411f-9a4a-4ef1950d210f",
|
|
|
|
"observed-data--59df781f-7098-40a2-9e63-a108950d210f",
|
|
|
|
"network-traffic--59df781f-7098-40a2-9e63-a108950d210f",
|
|
|
|
"ipv4-addr--59df781f-7098-40a2-9e63-a108950d210f",
|
|
|
|
"observed-data--59df781f-145c-46bb-9abe-1e76950d210f",
|
|
|
|
"network-traffic--59df781f-145c-46bb-9abe-1e76950d210f",
|
|
|
|
"ipv4-addr--59df781f-145c-46bb-9abe-1e76950d210f",
|
|
|
|
"observed-data--59df781f-019c-40c9-b8eb-2139950d210f",
|
|
|
|
"network-traffic--59df781f-019c-40c9-b8eb-2139950d210f",
|
|
|
|
"ipv4-addr--59df781f-019c-40c9-b8eb-2139950d210f",
|
|
|
|
"observed-data--59df7820-b20c-4893-82b0-4f62950d210f",
|
|
|
|
"network-traffic--59df7820-b20c-4893-82b0-4f62950d210f",
|
|
|
|
"ipv4-addr--59df7820-b20c-4893-82b0-4f62950d210f",
|
|
|
|
"observed-data--59df7820-3050-4da7-bd92-4032950d210f",
|
|
|
|
"network-traffic--59df7820-3050-4da7-bd92-4032950d210f",
|
|
|
|
"ipv4-addr--59df7820-3050-4da7-bd92-4032950d210f",
|
|
|
|
"observed-data--59df7820-1550-4564-9499-4098950d210f",
|
|
|
|
"network-traffic--59df7820-1550-4564-9499-4098950d210f",
|
|
|
|
"ipv4-addr--59df7820-1550-4564-9499-4098950d210f",
|
|
|
|
"observed-data--59df7821-4380-455d-a94f-1eb1950d210f",
|
|
|
|
"network-traffic--59df7821-4380-455d-a94f-1eb1950d210f",
|
|
|
|
"ipv4-addr--59df7821-4380-455d-a94f-1eb1950d210f",
|
|
|
|
"observed-data--59df7821-4768-4f40-8d57-45b1950d210f",
|
|
|
|
"network-traffic--59df7821-4768-4f40-8d57-45b1950d210f",
|
|
|
|
"ipv4-addr--59df7821-4768-4f40-8d57-45b1950d210f",
|
|
|
|
"observed-data--59df7821-7ad8-4c2e-9b1d-ac4d950d210f",
|
|
|
|
"network-traffic--59df7821-7ad8-4c2e-9b1d-ac4d950d210f",
|
|
|
|
"ipv4-addr--59df7821-7ad8-4c2e-9b1d-ac4d950d210f",
|
|
|
|
"observed-data--59df7821-5aac-4054-be18-1f31950d210f",
|
|
|
|
"network-traffic--59df7821-5aac-4054-be18-1f31950d210f",
|
|
|
|
"ipv4-addr--59df7821-5aac-4054-be18-1f31950d210f",
|
|
|
|
"observed-data--59df7822-8a38-41a6-899b-1fb0950d210f",
|
|
|
|
"network-traffic--59df7822-8a38-41a6-899b-1fb0950d210f",
|
|
|
|
"ipv4-addr--59df7822-8a38-41a6-899b-1fb0950d210f",
|
|
|
|
"observed-data--59df7822-8558-4795-ab34-4676950d210f",
|
|
|
|
"network-traffic--59df7822-8558-4795-ab34-4676950d210f",
|
|
|
|
"ipv4-addr--59df7822-8558-4795-ab34-4676950d210f",
|
|
|
|
"observed-data--59df7822-2228-4f88-830d-484b950d210f",
|
|
|
|
"network-traffic--59df7822-2228-4f88-830d-484b950d210f",
|
|
|
|
"ipv4-addr--59df7822-2228-4f88-830d-484b950d210f",
|
|
|
|
"observed-data--59df7823-8700-4033-aeb3-a108950d210f",
|
|
|
|
"network-traffic--59df7823-8700-4033-aeb3-a108950d210f",
|
|
|
|
"ipv4-addr--59df7823-8700-4033-aeb3-a108950d210f",
|
|
|
|
"observed-data--59df7823-ca40-42c4-bc2d-2139950d210f",
|
|
|
|
"network-traffic--59df7823-ca40-42c4-bc2d-2139950d210f",
|
|
|
|
"ipv4-addr--59df7823-ca40-42c4-bc2d-2139950d210f",
|
|
|
|
"observed-data--59df7823-23cc-442b-a14e-4687950d210f",
|
|
|
|
"network-traffic--59df7823-23cc-442b-a14e-4687950d210f",
|
|
|
|
"ipv4-addr--59df7823-23cc-442b-a14e-4687950d210f",
|
|
|
|
"observed-data--59df7824-9c48-4e73-85d6-4031950d210f",
|
|
|
|
"network-traffic--59df7824-9c48-4e73-85d6-4031950d210f",
|
|
|
|
"ipv4-addr--59df7824-9c48-4e73-85d6-4031950d210f",
|
|
|
|
"observed-data--59df7824-2670-4eef-a0f2-1eb1950d210f",
|
|
|
|
"network-traffic--59df7824-2670-4eef-a0f2-1eb1950d210f",
|
|
|
|
"ipv4-addr--59df7824-2670-4eef-a0f2-1eb1950d210f",
|
|
|
|
"observed-data--59df7824-8398-4e2a-82bb-4d1c950d210f",
|
|
|
|
"network-traffic--59df7824-8398-4e2a-82bb-4d1c950d210f",
|
|
|
|
"ipv4-addr--59df7824-8398-4e2a-82bb-4d1c950d210f",
|
|
|
|
"observed-data--59df7825-22a4-4cfa-af6f-ad07950d210f",
|
|
|
|
"network-traffic--59df7825-22a4-4cfa-af6f-ad07950d210f",
|
|
|
|
"ipv4-addr--59df7825-22a4-4cfa-af6f-ad07950d210f",
|
|
|
|
"observed-data--59df7825-08d4-4933-bbd2-216a950d210f",
|
|
|
|
"network-traffic--59df7825-08d4-4933-bbd2-216a950d210f",
|
|
|
|
"ipv4-addr--59df7825-08d4-4933-bbd2-216a950d210f",
|
|
|
|
"observed-data--59df7825-8850-4ed4-8782-4615950d210f",
|
|
|
|
"network-traffic--59df7825-8850-4ed4-8782-4615950d210f",
|
|
|
|
"ipv4-addr--59df7825-8850-4ed4-8782-4615950d210f",
|
|
|
|
"observed-data--59df7825-c6cc-4cfd-94e9-4d94950d210f",
|
|
|
|
"network-traffic--59df7825-c6cc-4cfd-94e9-4d94950d210f",
|
|
|
|
"ipv4-addr--59df7825-c6cc-4cfd-94e9-4d94950d210f",
|
|
|
|
"indicator--59dfa509-5b30-4324-b78d-4bd702de0b81",
|
|
|
|
"indicator--59dfa509-2280-4abc-83ff-454302de0b81",
|
|
|
|
"observed-data--59dfa509-823c-45e5-8088-484a02de0b81",
|
|
|
|
"url--59dfa509-823c-45e5-8088-484a02de0b81",
|
|
|
|
"indicator--59dfa509-a5bc-4fab-bfaf-4df902de0b81",
|
|
|
|
"indicator--59dfa509-daa4-4dcb-b5fd-447302de0b81",
|
|
|
|
"observed-data--59dfa509-ef84-4b3a-9fa0-4d6502de0b81",
|
|
|
|
"url--59dfa509-ef84-4b3a-9fa0-4d6502de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"misp-galaxy:tool=\"Trick Bot\"",
|
|
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
|
|
"misp-galaxy:ransomware=\"Locky\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77e8-fa24-4c7e-b260-4531950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c77d1c0c0ecd0b2f81f2bcf89fb07279']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77e8-9d74-46ad-b6bf-4d8c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e3d2e5e74874fd8b59ddef544f7e4851']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77e9-ad7c-4567-8cab-1fb0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://agriturismoviridarium.it/6jbgcfwe3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77e9-0fe4-4a2f-9df1-431b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'agriturismoviridarium.it']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df77e9-b2ec-43f0-b641-4d8f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df77e9-b2ec-43f0-b641-4d8f950d210f",
|
|
|
|
"ipv4-addr--59df77e9-b2ec-43f0-b641-4d8f950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df77e9-b2ec-43f0-b641-4d8f950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df77e9-b2ec-43f0-b641-4d8f950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df77e9-b2ec-43f0-b641-4d8f950d210f",
|
|
|
|
"value": "85.235.131.55"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ea-8e50-4c26-b2ca-1e76950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://enixgaming.de/6jbgcfwe3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ea-f8ec-41f0-a374-2139950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'enixgaming.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df77ea-d0b8-43d1-8524-4dec950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df77ea-d0b8-43d1-8524-4dec950d210f",
|
|
|
|
"ipv4-addr--59df77ea-d0b8-43d1-8524-4dec950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df77ea-d0b8-43d1-8524-4dec950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df77ea-d0b8-43d1-8524-4dec950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df77ea-d0b8-43d1-8524-4dec950d210f",
|
|
|
|
"value": "212.224.65.254"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ea-7ec4-4ac7-b56a-4070950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://enmee.net/6jbgcfwe3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ea-8318-4622-9f3b-ad07950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'enmee.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df77eb-0370-4a60-9801-4216950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df77eb-0370-4a60-9801-4216950d210f",
|
|
|
|
"ipv4-addr--59df77eb-0370-4a60-9801-4216950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df77eb-0370-4a60-9801-4216950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df77eb-0370-4a60-9801-4216950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df77eb-0370-4a60-9801-4216950d210f",
|
|
|
|
"value": "209.54.62.90"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77eb-dbf0-44c0-a0d5-4780950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://fls-portal.co.uk/6jbgcfwe3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ec-9118-4227-9e59-4fce950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'fls-portal.co.uk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df77ec-7650-4b0a-b07b-2139950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df77ec-7650-4b0a-b07b-2139950d210f",
|
|
|
|
"ipv4-addr--59df77ec-7650-4b0a-b07b-2139950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df77ec-7650-4b0a-b07b-2139950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df77ec-7650-4b0a-b07b-2139950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df77ec-7650-4b0a-b07b-2139950d210f",
|
|
|
|
"value": "109.108.149.65"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ec-a3c4-4b9a-8c3a-ac4d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://jeangurunlian.com/6jbgcfwe3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ec-02b8-4d1e-8a57-1eb1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'jeangurunlian.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df77ed-33e0-436d-aa7e-4b43950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df77ed-33e0-436d-aa7e-4b43950d210f",
|
|
|
|
"ipv4-addr--59df77ed-33e0-436d-aa7e-4b43950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df77ed-33e0-436d-aa7e-4b43950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df77ed-33e0-436d-aa7e-4b43950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df77ed-33e0-436d-aa7e-4b43950d210f",
|
|
|
|
"value": "98.124.251.202"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ed-7c6c-4a3c-b791-4c7c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://peopleiknow.org/6jbgcfwe3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ed-1950-475b-9981-216a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'peopleiknow.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df77ee-c0a0-4eb5-bd40-4fb9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df77ee-c0a0-4eb5-bd40-4fb9950d210f",
|
|
|
|
"ipv4-addr--59df77ee-c0a0-4eb5-bd40-4fb9950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df77ee-c0a0-4eb5-bd40-4fb9950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df77ee-c0a0-4eb5-bd40-4fb9950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df77ee-c0a0-4eb5-bd40-4fb9950d210f",
|
|
|
|
"value": "67.210.102.240"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ee-2888-4d06-81f6-a108950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://petrochemus.com/6jbgcfwe3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ee-191c-4d23-84cb-2139950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'petrochemus.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f",
|
|
|
|
"ipv4-addr--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df77ee-d4c0-4b9a-bc8c-1eb1950d210f",
|
|
|
|
"value": "98.124.251.72"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ee-aa70-4c22-ad77-462e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://sci-eye.com/6jbgcfwe3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ef-c000-4c00-8fb0-4b73950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'sci-eye.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df77ef-ba6c-4200-85b3-1f31950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df77ef-ba6c-4200-85b3-1f31950d210f",
|
|
|
|
"ipv4-addr--59df77ef-ba6c-4200-85b3-1f31950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df77ef-ba6c-4200-85b3-1f31950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df77ef-ba6c-4200-85b3-1f31950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df77ef-ba6c-4200-85b3-1f31950d210f",
|
|
|
|
"value": "98.124.252.132"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ef-d728-4827-81ab-216a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://secundaria50.edu.mx/6jbgcfwe3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ef-e000-4a19-9226-4387950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'secundaria50.edu.mx']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df77ef-06d0-4dc8-87b6-4762950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df77ef-06d0-4dc8-87b6-4762950d210f",
|
|
|
|
"ipv4-addr--59df77ef-06d0-4dc8-87b6-4762950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df77ef-06d0-4dc8-87b6-4762950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df77ef-06d0-4dc8-87b6-4762950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df77ef-06d0-4dc8-87b6-4762950d210f",
|
|
|
|
"value": "98.124.251.65"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77ef-78b8-4ca8-94d4-4090950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://stemcellenhancementresearch.com/6jbgcfwe3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77f0-444c-439b-aa89-45a6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'stemcellenhancementresearch.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df77f0-610c-4d35-95c6-a108950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df77f0-610c-4d35-95c6-a108950d210f",
|
|
|
|
"ipv4-addr--59df77f0-610c-4d35-95c6-a108950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df77f0-610c-4d35-95c6-a108950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df77f0-610c-4d35-95c6-a108950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df77f0-610c-4d35-95c6-a108950d210f",
|
|
|
|
"value": "199.30.241.139"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77f0-52dc-4dc0-9f5f-2139950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://fetchstats.net/p66/6jbgcfwe3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df77f0-f66c-49e7-b2fe-4a23950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'fetchstats.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df780f-af44-4a98-a683-1eb1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://alexandradickman.com/cunrb78f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df780f-8d80-4d8e-bf51-ac4d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'alexandradickman.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df780f-6994-4d5e-8346-216a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://arkberg-design.fi/cunrb78f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df780f-774c-4c28-8bb5-1f31950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'arkberg-design.fi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7810-71a8-4045-b24e-4394950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7810-71a8-4045-b24e-4394950d210f",
|
|
|
|
"ipv4-addr--59df7810-71a8-4045-b24e-4394950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7810-71a8-4045-b24e-4394950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7810-71a8-4045-b24e-4394950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7810-71a8-4045-b24e-4394950d210f",
|
|
|
|
"value": "84.234.64.216"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df7810-f704-4e9b-81aa-4a72950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://basedow-bilder.de/cunrb78f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df7810-c964-404d-99d4-47ec950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'basedow-bilder.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7810-9eb0-4381-908c-a108950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7810-9eb0-4381-908c-a108950d210f",
|
|
|
|
"ipv4-addr--59df7810-9eb0-4381-908c-a108950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7810-9eb0-4381-908c-a108950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7810-9eb0-4381-908c-a108950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7810-9eb0-4381-908c-a108950d210f",
|
|
|
|
"value": "194.116.187.130"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df7811-5c8c-4506-81f4-1e76950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:19.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://centralbaptistchurchnj.org/cunrb78f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df7811-a690-4d5d-afa0-2139950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'centralbaptistchurchnj.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7811-f3ec-4e70-b402-4414950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7811-f3ec-4e70-b402-4414950d210f",
|
|
|
|
"ipv4-addr--59df7811-f3ec-4e70-b402-4414950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7811-f3ec-4e70-b402-4414950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7811-f3ec-4e70-b402-4414950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7811-f3ec-4e70-b402-4414950d210f",
|
|
|
|
"value": "68.171.62.42"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df7812-845c-40a5-8ac2-4954950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://download.justowin.it/cunrb78f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df7812-b608-4d7d-b838-444f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'download.justowin.it']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7812-b09c-4fbd-84d4-4268950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7812-b09c-4fbd-84d4-4268950d210f",
|
|
|
|
"ipv4-addr--59df7812-b09c-4fbd-84d4-4268950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7812-b09c-4fbd-84d4-4268950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7812-b09c-4fbd-84d4-4268950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7812-b09c-4fbd-84d4-4268950d210f",
|
|
|
|
"value": "95.110.225.147"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df7812-4038-4502-988e-1eb1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://hair-select.jp/cunrb78f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df7813-9828-4849-9a4d-ac4d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'hair-select.jp']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7814-e504-437f-b91d-1f31950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7814-e504-437f-b91d-1f31950d210f",
|
|
|
|
"ipv4-addr--59df7814-e504-437f-b91d-1f31950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7814-e504-437f-b91d-1f31950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7814-e504-437f-b91d-1f31950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7814-e504-437f-b91d-1f31950d210f",
|
|
|
|
"value": "180.222.185.74"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df7814-1aec-440e-bb27-4cea950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://itsmaterial.us/cunrb78f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59df7814-44e8-4a7e-afa9-49b7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'itsmaterial.us']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7814-bb74-4999-9200-4faa950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7814-bb74-4999-9200-4faa950d210f",
|
|
|
|
"ipv4-addr--59df7814-bb74-4999-9200-4faa950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
"id": "network-traffic--59df7814-bb74-4999-9200-4faa950d210f",
"dst_ref": "ipv4-addr--59df7814-bb74-4999-9200-4faa950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df7814-bb74-4999-9200-4faa950d210f",
"value": "98.124.252.176"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df7814-7fdc-4250-9129-46c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[url:value = 'http://lacosturera.es/cunrb78f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df7815-e408-4724-9246-1e76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[domain-name:value = 'lacosturera.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df7815-3844-441b-ab55-4655950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df7815-3844-441b-ab55-4655950d210f",
"ipv4-addr--59df7815-3844-441b-ab55-4655950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df7815-3844-441b-ab55-4655950d210f",
"dst_ref": "ipv4-addr--59df7815-3844-441b-ab55-4655950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df7815-3844-441b-ab55-4655950d210f",
"value": "86.109.170.198"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df7815-b850-4a02-8979-4226950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[url:value = 'http://missiegeslaagd.nl/cunrb78f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df7815-7ba0-4deb-854f-4fbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[domain-name:value = 'missiegeslaagd.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df7816-5250-447b-bef8-1eb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df7816-5250-447b-bef8-1eb1950d210f",
"ipv4-addr--59df7816-5250-447b-bef8-1eb1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df7816-5250-447b-bef8-1eb1950d210f",
"dst_ref": "ipv4-addr--59df7816-5250-447b-bef8-1eb1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df7816-5250-447b-bef8-1eb1950d210f",
"value": "46.235.44.98"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df7816-0538-40f9-a9d3-ac4d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[url:value = 'http://motifahsap.com/cunrb78f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df7816-2644-4b21-b263-ad07950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[domain-name:value = 'motifahsap.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df7817-2a40-4bd4-8267-1fb0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df7817-2a40-4bd4-8267-1fb0950d210f",
"ipv4-addr--59df7817-2a40-4bd4-8267-1fb0950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df7817-2a40-4bd4-8267-1fb0950d210f",
"dst_ref": "ipv4-addr--59df7817-2a40-4bd4-8267-1fb0950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df7817-2a40-4bd4-8267-1fb0950d210f",
"value": "188.132.180.113"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df7817-1348-4560-89b7-4af0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[url:value = 'http://pacalik.net/cunrb78f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df7817-61cc-408e-b25f-4608950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[domain-name:value = 'pacalik.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df7818-3e94-4be5-9ba9-4c91950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df7818-3e94-4be5-9ba9-4c91950d210f",
"ipv4-addr--59df7818-3e94-4be5-9ba9-4c91950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df7818-3e94-4be5-9ba9-4c91950d210f",
"dst_ref": "ipv4-addr--59df7818-3e94-4be5-9ba9-4c91950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df7818-3e94-4be5-9ba9-4c91950d210f",
"value": "93.187.200.105"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df7818-f858-4cc0-9357-1e76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[url:value = 'http://ryanbaptistchurch.com/cunrb78f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df7818-1184-4e2a-8161-462e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[domain-name:value = 'ryanbaptistchurch.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df7818-99bc-4f64-9f23-44c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df7818-99bc-4f64-9f23-44c3950d210f",
"ipv4-addr--59df7818-99bc-4f64-9f23-44c3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df7818-99bc-4f64-9f23-44c3950d210f",
"dst_ref": "ipv4-addr--59df7818-99bc-4f64-9f23-44c3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df7818-99bc-4f64-9f23-44c3950d210f",
"value": "66.36.173.246"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df7819-011c-466d-99eb-443c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[url:value = 'http://sambad.com.np/cunrb78f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df7819-8cd0-4731-91df-1eb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[domain-name:value = 'sambad.com.np']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df7819-114c-4f1c-bf99-ac4d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df7819-114c-4f1c-bf99-ac4d950d210f",
"ipv4-addr--59df7819-114c-4f1c-bf99-ac4d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df7819-114c-4f1c-bf99-ac4d950d210f",
"dst_ref": "ipv4-addr--59df7819-114c-4f1c-bf99-ac4d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df7819-114c-4f1c-bf99-ac4d950d210f",
"value": "74.200.89.84"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df7819-2c08-4327-8db7-216a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[url:value = 'http://sgtenterprises.com/cunrb78f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df781a-1624-4494-abd8-1f31950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[domain-name:value = 'sgtenterprises.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df781a-6f3c-4d18-9674-4e92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df781a-6f3c-4d18-9674-4e92950d210f",
"ipv4-addr--59df781a-6f3c-4d18-9674-4e92950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df781a-6f3c-4d18-9674-4e92950d210f",
"dst_ref": "ipv4-addr--59df781a-6f3c-4d18-9674-4e92950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df781a-6f3c-4d18-9674-4e92950d210f",
"value": "66.36.163.197"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df781a-c9e0-4522-a493-4b7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[url:value = 'http://shamanic-extracts.biz/cunrb78f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df781b-aca8-4b3e-98eb-4ef8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[domain-name:value = 'shamanic-extracts.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df781b-e178-4f87-8fd1-4ab7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df781b-e178-4f87-8fd1-4ab7950d210f",
"ipv4-addr--59df781b-e178-4f87-8fd1-4ab7950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df781b-e178-4f87-8fd1-4ab7950d210f",
"dst_ref": "ipv4-addr--59df781b-e178-4f87-8fd1-4ab7950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df781b-e178-4f87-8fd1-4ab7950d210f",
"value": "62.212.154.98"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df781b-4c54-4ae1-b370-1e76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[url:value = 'http://signlight.com.au/cunrb78f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df781b-dbac-4fb2-9816-2139950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[domain-name:value = 'signlight.com.au']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df781c-6ce4-40ce-b2a3-4696950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df781c-6ce4-40ce-b2a3-4696950d210f",
"ipv4-addr--59df781c-6ce4-40ce-b2a3-4696950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df781c-6ce4-40ce-b2a3-4696950d210f",
"dst_ref": "ipv4-addr--59df781c-6ce4-40ce-b2a3-4696950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df781c-6ce4-40ce-b2a3-4696950d210f",
"value": "203.17.73.160"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59df781c-1544-4264-8874-4904950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"pattern": "[url:value = 'http://fetchstats.net/p66/cunrb78f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df781c-ee94-4c90-94c9-4995950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df781c-ee94-4c90-94c9-4995950d210f",
"ipv4-addr--59df781c-ee94-4c90-94c9-4995950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df781c-ee94-4c90-94c9-4995950d210f",
"dst_ref": "ipv4-addr--59df781c-ee94-4c90-94c9-4995950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df781c-ee94-4c90-94c9-4995950d210f",
"value": "91.83.88.51"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df781c-d420-429e-9c5c-ad07950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df781c-d420-429e-9c5c-ad07950d210f",
"ipv4-addr--59df781c-d420-429e-9c5c-ad07950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df781c-d420-429e-9c5c-ad07950d210f",
"dst_ref": "ipv4-addr--59df781c-d420-429e-9c5c-ad07950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df781c-d420-429e-9c5c-ad07950d210f",
"value": "46.237.117.193"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df781d-e988-48c1-b617-216a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df781d-e988-48c1-b617-216a950d210f",
"ipv4-addr--59df781d-e988-48c1-b617-216a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df781d-e988-48c1-b617-216a950d210f",
"dst_ref": "ipv4-addr--59df781d-e988-48c1-b617-216a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df781d-e988-48c1-b617-216a950d210f",
"value": "79.170.7.139"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df781d-707c-4eaa-b6f3-1f31950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df781d-707c-4eaa-b6f3-1f31950d210f",
"ipv4-addr--59df781d-707c-4eaa-b6f3-1f31950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df781d-707c-4eaa-b6f3-1f31950d210f",
"dst_ref": "ipv4-addr--59df781d-707c-4eaa-b6f3-1f31950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df781d-707c-4eaa-b6f3-1f31950d210f",
"value": "41.57.103.218"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df781d-70bc-4b81-b0d6-1fb0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
"last_observed": "2017-10-12T17:23:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59df781d-70bc-4b81-b0d6-1fb0950d210f",
"ipv4-addr--59df781d-70bc-4b81-b0d6-1fb0950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59df781d-70bc-4b81-b0d6-1fb0950d210f",
"dst_ref": "ipv4-addr--59df781d-70bc-4b81-b0d6-1fb0950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59df781d-70bc-4b81-b0d6-1fb0950d210f",
"value": "196.202.194.202"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59df781e-092c-4edc-9ac9-4d35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:20.000Z",
"modified": "2017-10-12T17:23:20.000Z",
"first_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df781e-092c-4edc-9ac9-4d35950d210f",
|
|
|
|
"ipv4-addr--59df781e-092c-4edc-9ac9-4d35950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df781e-092c-4edc-9ac9-4d35950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df781e-092c-4edc-9ac9-4d35950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df781e-092c-4edc-9ac9-4d35950d210f",
|
|
|
|
"value": "46.20.56.239"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df781e-ab84-4830-8acd-4663950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df781e-ab84-4830-8acd-4663950d210f",
|
|
|
|
"ipv4-addr--59df781e-ab84-4830-8acd-4663950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df781e-ab84-4830-8acd-4663950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df781e-ab84-4830-8acd-4663950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df781e-ab84-4830-8acd-4663950d210f",
|
|
|
|
"value": "176.120.126.21"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df781e-9004-420d-8b3d-4782950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df781e-9004-420d-8b3d-4782950d210f",
|
|
|
|
"ipv4-addr--59df781e-9004-420d-8b3d-4782950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df781e-9004-420d-8b3d-4782950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df781e-9004-420d-8b3d-4782950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df781e-9004-420d-8b3d-4782950d210f",
|
|
|
|
"value": "91.239.249.118"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df781f-7380-411f-9a4a-4ef1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df781f-7380-411f-9a4a-4ef1950d210f",
|
|
|
|
"ipv4-addr--59df781f-7380-411f-9a4a-4ef1950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df781f-7380-411f-9a4a-4ef1950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df781f-7380-411f-9a4a-4ef1950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df781f-7380-411f-9a4a-4ef1950d210f",
|
|
|
|
"value": "194.87.103.184"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df781f-7098-40a2-9e63-a108950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df781f-7098-40a2-9e63-a108950d210f",
|
|
|
|
"ipv4-addr--59df781f-7098-40a2-9e63-a108950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df781f-7098-40a2-9e63-a108950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df781f-7098-40a2-9e63-a108950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df781f-7098-40a2-9e63-a108950d210f",
|
|
|
|
"value": "92.63.102.64"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df781f-145c-46bb-9abe-1e76950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df781f-145c-46bb-9abe-1e76950d210f",
|
|
|
|
"ipv4-addr--59df781f-145c-46bb-9abe-1e76950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df781f-145c-46bb-9abe-1e76950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df781f-145c-46bb-9abe-1e76950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df781f-145c-46bb-9abe-1e76950d210f",
|
|
|
|
"value": "194.87.238.53"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df781f-019c-40c9-b8eb-2139950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:20.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:20.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df781f-019c-40c9-b8eb-2139950d210f",
|
|
|
|
"ipv4-addr--59df781f-019c-40c9-b8eb-2139950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df781f-019c-40c9-b8eb-2139950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df781f-019c-40c9-b8eb-2139950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df781f-019c-40c9-b8eb-2139950d210f",
|
|
|
|
"value": "92.63.102.159"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7820-b20c-4893-82b0-4f62950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7820-b20c-4893-82b0-4f62950d210f",
|
|
|
|
"ipv4-addr--59df7820-b20c-4893-82b0-4f62950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7820-b20c-4893-82b0-4f62950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7820-b20c-4893-82b0-4f62950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7820-b20c-4893-82b0-4f62950d210f",
|
|
|
|
"value": "194.87.232.219"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7820-3050-4da7-bd92-4032950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7820-3050-4da7-bd92-4032950d210f",
|
|
|
|
"ipv4-addr--59df7820-3050-4da7-bd92-4032950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7820-3050-4da7-bd92-4032950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7820-3050-4da7-bd92-4032950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7820-3050-4da7-bd92-4032950d210f",
|
|
|
|
"value": "149.154.69.70"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7820-1550-4564-9499-4098950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7820-1550-4564-9499-4098950d210f",
|
|
|
|
"ipv4-addr--59df7820-1550-4564-9499-4098950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7820-1550-4564-9499-4098950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7820-1550-4564-9499-4098950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7820-1550-4564-9499-4098950d210f",
|
|
|
|
"value": "78.24.223.153"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7821-4380-455d-a94f-1eb1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7821-4380-455d-a94f-1eb1950d210f",
|
|
|
|
"ipv4-addr--59df7821-4380-455d-a94f-1eb1950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7821-4380-455d-a94f-1eb1950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7821-4380-455d-a94f-1eb1950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7821-4380-455d-a94f-1eb1950d210f",
|
|
|
|
"value": "194.87.92.207"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7821-4768-4f40-8d57-45b1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7821-4768-4f40-8d57-45b1950d210f",
|
|
|
|
"ipv4-addr--59df7821-4768-4f40-8d57-45b1950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7821-4768-4f40-8d57-45b1950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7821-4768-4f40-8d57-45b1950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7821-4768-4f40-8d57-45b1950d210f",
|
|
|
|
"value": "194.87.94.239"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7821-7ad8-4c2e-9b1d-ac4d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7821-7ad8-4c2e-9b1d-ac4d950d210f",
|
|
|
|
"ipv4-addr--59df7821-7ad8-4c2e-9b1d-ac4d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7821-7ad8-4c2e-9b1d-ac4d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7821-7ad8-4c2e-9b1d-ac4d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7821-7ad8-4c2e-9b1d-ac4d950d210f",
|
|
|
|
"value": "195.133.147.238"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7821-5aac-4054-be18-1f31950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7821-5aac-4054-be18-1f31950d210f",
|
|
|
|
"ipv4-addr--59df7821-5aac-4054-be18-1f31950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7821-5aac-4054-be18-1f31950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7821-5aac-4054-be18-1f31950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7821-5aac-4054-be18-1f31950d210f",
|
|
|
|
"value": "62.109.15.132"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7822-8a38-41a6-899b-1fb0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7822-8a38-41a6-899b-1fb0950d210f",
|
|
|
|
"ipv4-addr--59df7822-8a38-41a6-899b-1fb0950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7822-8a38-41a6-899b-1fb0950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7822-8a38-41a6-899b-1fb0950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7822-8a38-41a6-899b-1fb0950d210f",
|
|
|
|
"value": "194.87.236.240"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7822-8558-4795-ab34-4676950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7822-8558-4795-ab34-4676950d210f",
|
|
|
|
"ipv4-addr--59df7822-8558-4795-ab34-4676950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7822-8558-4795-ab34-4676950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7822-8558-4795-ab34-4676950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7822-8558-4795-ab34-4676950d210f",
|
|
|
|
"value": "62.109.6.237"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7822-2228-4f88-830d-484b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7822-2228-4f88-830d-484b950d210f",
|
|
|
|
"ipv4-addr--59df7822-2228-4f88-830d-484b950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7822-2228-4f88-830d-484b950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7822-2228-4f88-830d-484b950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7822-2228-4f88-830d-484b950d210f",
|
|
|
|
"value": "149.154.69.47"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7823-8700-4033-aeb3-a108950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7823-8700-4033-aeb3-a108950d210f",
|
|
|
|
"ipv4-addr--59df7823-8700-4033-aeb3-a108950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7823-8700-4033-aeb3-a108950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7823-8700-4033-aeb3-a108950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7823-8700-4033-aeb3-a108950d210f",
|
|
|
|
"value": "82.146.47.121"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7823-ca40-42c4-bc2d-2139950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7823-ca40-42c4-bc2d-2139950d210f",
|
|
|
|
"ipv4-addr--59df7823-ca40-42c4-bc2d-2139950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7823-ca40-42c4-bc2d-2139950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7823-ca40-42c4-bc2d-2139950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7823-ca40-42c4-bc2d-2139950d210f",
|
|
|
|
"value": "78.24.216.250"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7823-23cc-442b-a14e-4687950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7823-23cc-442b-a14e-4687950d210f",
|
|
|
|
"ipv4-addr--59df7823-23cc-442b-a14e-4687950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7823-23cc-442b-a14e-4687950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7823-23cc-442b-a14e-4687950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7823-23cc-442b-a14e-4687950d210f",
|
|
|
|
"value": "82.146.56.218"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7824-9c48-4e73-85d6-4031950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7824-9c48-4e73-85d6-4031950d210f",
|
|
|
|
"ipv4-addr--59df7824-9c48-4e73-85d6-4031950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7824-9c48-4e73-85d6-4031950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7824-9c48-4e73-85d6-4031950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7824-9c48-4e73-85d6-4031950d210f",
|
|
|
|
"value": "185.159.131.198"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7824-2670-4eef-a0f2-1eb1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7824-2670-4eef-a0f2-1eb1950d210f",
|
|
|
|
"ipv4-addr--59df7824-2670-4eef-a0f2-1eb1950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7824-2670-4eef-a0f2-1eb1950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7824-2670-4eef-a0f2-1eb1950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7824-2670-4eef-a0f2-1eb1950d210f",
|
|
|
|
"value": "194.87.146.32"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7824-8398-4e2a-82bb-4d1c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7824-8398-4e2a-82bb-4d1c950d210f",
|
|
|
|
"ipv4-addr--59df7824-8398-4e2a-82bb-4d1c950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7824-8398-4e2a-82bb-4d1c950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7824-8398-4e2a-82bb-4d1c950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7824-8398-4e2a-82bb-4d1c950d210f",
|
|
|
|
"value": "5.133.179.77"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7825-22a4-4cfa-af6f-ad07950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7825-22a4-4cfa-af6f-ad07950d210f",
|
|
|
|
"ipv4-addr--59df7825-22a4-4cfa-af6f-ad07950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7825-22a4-4cfa-af6f-ad07950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7825-22a4-4cfa-af6f-ad07950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7825-22a4-4cfa-af6f-ad07950d210f",
|
|
|
|
"value": "94.242.224.214"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7825-08d4-4933-bbd2-216a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7825-08d4-4933-bbd2-216a950d210f",
|
|
|
|
"ipv4-addr--59df7825-08d4-4933-bbd2-216a950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7825-08d4-4933-bbd2-216a950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7825-08d4-4933-bbd2-216a950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7825-08d4-4933-bbd2-216a950d210f",
|
|
|
|
"value": "194.87.92.242"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7825-8850-4ed4-8782-4615950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7825-8850-4ed4-8782-4615950d210f",
|
|
|
|
"ipv4-addr--59df7825-8850-4ed4-8782-4615950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7825-8850-4ed4-8782-4615950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7825-8850-4ed4-8782-4615950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7825-8850-4ed4-8782-4615950d210f",
|
|
|
|
"value": "195.133.146.236"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59df7825-c6cc-4cfd-94e9-4d94950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"first_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"last_observed": "2017-10-12T17:23:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59df7825-c6cc-4cfd-94e9-4d94950d210f",
|
|
|
|
"ipv4-addr--59df7825-c6cc-4cfd-94e9-4d94950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59df7825-c6cc-4cfd-94e9-4d94950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59df7825-c6cc-4cfd-94e9-4d94950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59df7825-c6cc-4cfd-94e9-4d94950d210f",
|
|
|
|
"value": "193.124.117.238"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59dfa509-5b30-4324-b78d-4bd702de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-12T17:23:21.000Z",
|
|
|
|
"modified": "2017-10-12T17:23:21.000Z",
|
|
|
|
"description": "- Xchecked via VT: e3d2e5e74874fd8b59ddef544f7e4851",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '79a40ac47ea2b57727437a7a9365e860cc1fa1c7c96900f5a2a90133959c4694']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-12T17:23:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59dfa509-2280-4abc-83ff-454302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:21.000Z",
"modified": "2017-10-12T17:23:21.000Z",
"description": "- Xchecked via VT: e3d2e5e74874fd8b59ddef544f7e4851",
"pattern": "[file:hashes.SHA1 = '494ecc9e139b49312c2ac5dec7b68d0e1bd996c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59dfa509-823c-45e5-8088-484a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:21.000Z",
"modified": "2017-10-12T17:23:21.000Z",
"first_observed": "2017-10-12T17:23:21Z",
"last_observed": "2017-10-12T17:23:21Z",
"number_observed": 1,
"object_refs": [
"url--59dfa509-823c-45e5-8088-484a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59dfa509-823c-45e5-8088-484a02de0b81",
"value": "https://www.virustotal.com/file/79a40ac47ea2b57727437a7a9365e860cc1fa1c7c96900f5a2a90133959c4694/analysis/1507788202/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59dfa509-a5bc-4fab-bfaf-4df902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:21.000Z",
"modified": "2017-10-12T17:23:21.000Z",
"description": "- Xchecked via VT: c77d1c0c0ecd0b2f81f2bcf89fb07279",
"pattern": "[file:hashes.SHA256 = '1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59dfa509-daa4-4dcb-b5fd-447302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:21.000Z",
"modified": "2017-10-12T17:23:21.000Z",
"description": "- Xchecked via VT: c77d1c0c0ecd0b2f81f2bcf89fb07279",
"pattern": "[file:hashes.SHA1 = 'be7d13c25052903d150ed07e836e210e298b9995']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-12T17:23:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59dfa509-ef84-4b3a-9fa0-4d6502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-12T17:23:21.000Z",
"modified": "2017-10-12T17:23:21.000Z",
"first_observed": "2017-10-12T17:23:21Z",
"last_observed": "2017-10-12T17:23:21Z",
"number_observed": 1,
"object_refs": [
"url--59dfa509-ef84-4b3a-9fa0-4d6502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59dfa509-ef84-4b3a-9fa0-4d6502de0b81",
"value": "https://www.virustotal.com/file/1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6/analysis/1507820317/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}